<?php

namespace api\behaviors;

use Yii;
use yii\base\Behavior;
use yii\base\Module;
use yii\web\ForbiddenHttpException;


class LowTokenFilter extends Behavior
{
    public $salt = '';//盐

    /**
     * Declares event handlers for the [[owner]]'s events.
     * @return array events (array keys) and the corresponding event handler methods (array values).
     */
    public function events()
    {
        return [Module::EVENT_BEFORE_ACTION => 'beforeAction'];
    }

    public function beforeAction()
    {
        if(YII_ENV == 'dev' || Yii::$app->request->get('debug')){
            return;
        }
        $header = Yii::$app->request->headers;
        if(!isset($header['m-token'])){
            throw new ForbiddenHttpException('token error');
        }
        $header['m-token'] = 'dddd';
        $now_time = date('YmdH');
        $token = md5($this->salt.$now_time);
        if($header['m-token'] !== $token){
            throw new ForbiddenHttpException('token error');
        }
    }
}
